tetrate-ci opened a new pull request, #250: URL: https://github.com/apache/skywalking-satellite/pull/250
## Summary This PR bumps the Go toolchain from 1.26.2 to 1.26.3 to fix the following Go standard library CVEs: | CVE ID | Severity | Package | Fix | |--------|----------|---------|-----| | CVE-2026-39825 | High | stdlib (Go standard library) | Bump Go 1.26.2 → 1.26.3 | | CVE-2026-39836 | High | stdlib (Go standard library) | Bump Go 1.26.2 → 1.26.3 | | CVE-2026-42499 | High | stdlib (Go standard library) | Bump Go 1.26.2 → 1.26.3 | | CVE-2026-33811 | High | stdlib (Go standard library) | Bump Go 1.26.2 → 1.26.3 | | CVE-2026-39826 | High | stdlib (Go standard library) | Bump Go 1.26.2 → 1.26.3 | | CVE-2026-39820 | High | stdlib (Go standard library) | Bump Go 1.26.2 → 1.26.3 | | CVE-2026-33814 | High | stdlib (Go standard library) | Bump Go 1.26.2 → 1.26.3 | | CVE-2026-39823 | High | stdlib (Go standard library) | Bump Go 1.26.2 → 1.26.3 | ## Changes - `docker/Dockerfile`: Updated base image from `golang:1.26.2` to `golang:1.26.3` - `go.mod`: Updated toolchain directive from `go1.26.2` to `go1.26.3` ## Verification A local Docker image was built and scanned with Trivy — **0 vulnerabilities** detected after the upgrade. @kezhenxu94 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
